1. Field of the Invention
This invention relates to random number generators and in particular to random number generators based on detection of quantum phenomena. This invention also relates to random number generators based on detection of photons. The invention further relates to a method of generating random numbers based on detection of quantum phenomena, and particularly, based on detection of photons.
2. Description of the Related Art
A random number generator is a device which produces random numbers or numbers that are nearly random. A number that is random is one that has no "memory" of what has gone before it. It has proved to be very difficult to produce truly random numbers. While people may be capable of producing random numbers by picking numbers out one at a time, they cannot do so fast enough to meet the requirements of modern usage. Therefore, for all practical purposes, machines are used to produce random numbers.
Most machines and methods heretofore employed for producing random numbers are either "deterministic"--they follow a fixed, totally predictable recipe--or are not truly random. Some few devices produce truly random numbers, but they are subject to being skewed by external influences or are very delicate and expensive to maintain. For many purposes an approximation of randomness has turned out to be acceptable. For an increasing number of others, true randomness is a necessity.
Random numbers are most commonly thought of as having security applications such as for sending encrypted messages. Random numbers are useful for security purposes because they create inherently unpredictable sequences which cannot be easily duplicated, studiously replicated or discovered by accident. For many lower security applications, a random number generator with a reasonable degree of randomness will suffice. Higher security applications demand a greater degree of true randomness. That this is true was dramatically illustrated in 1991 during the attempted coup in the Soviet Union when American cryptologists were able to decipher communications between high level Soviet officials using the most sophisticated Soviet cipher equipment. In another demonstration of the vulnerability of modern ciphers, in January 1997 a university student was able to crack a 40 bit security code in just three and one-half hours by testing 100 billion possible solutions to the code per hour.
Another problem that exists with current random number generators, apart from the level of "randomness" of the numbers that they are able to produce, is that sufficient numbers of random numbers cannot be produced quickly enough for contemporary applications. This is significant in security applications where messages are encoded with a string of random numbers by adding a bit in the string to each bit in the message. The result appears to be nonsense to any recipient until it is decoded by subtracting out the string to recover the message. Ideally, the random number string should be as long as the message itself In practice, a string--known as a "key"--is used repeatedly and it is hoped the string cannot be discovered. The length of the key is critically important because each additional random bit in the string doubles the security level of the cipher. Naturally, if production of sufficient numbers of random numbers was possible and practical, the level of security enjoyed for encrypted messages would increase exponentially.
In addition to security applications, random numbers are increasingly essential for scientific investigations including studies of physical laws, investigations and constructions of probability distributions, analyses of the performance of mathematical algorithms in principle as applied practically to devices, and notably for development of artificial intelligence. Random number generators are used in the assessment of the performance of machines to help construct a large variety of representative situations. The sampling thus obtained provides feedback which is used to learn more about the process or operation being studied. As with security applications, problems exist regarding the availability of a sufficient volume of random numbers and with the true randomness of the numbers produced. In a growing number of areas of scientific inquiry, the ability to produce large numbers of random numbers can be critical. Certain research, such as large-scale Monte Carlo simulations, requires millions of random numbers to yield useful information. In sensitive analyses where true randomness in a sampling is necessary to obtain sound results, any lack of randomness can unacceptably skew test data and frustrate the research.
In part due to the need for large numbers of random numbers, the technique of producing "pseudo-random" numbers evolved. Pseudo-random numbers are generated using an arithmetical algorithm having an output of numbers which can pass most statistical tests of randomness. Another important aspect of arithmetically produced random numbers is that they can be replicated. This is useful for purposes of testing and analyses, but potentially disastrous for security applications. While pseudo-random numbers are statistically random for most applications, and have the application specific advantage of being reproducible, they suffer from one major flaw--they repeat. For example, a popular pseudo-random number generator is the linear-congruential generator which is based on a three step algorithm. The linear-congruential generator produces integers less than m. At some point, if the generator is asked to produced m+1 numbers, it must repeat itself at least once. Since each integer produced by the generator is based on the same algorithm, and is therefore dependent on the preceding number, this leads into a cycle of repetition that the generator cannot escape. In this sense, each pseudo-random number generator has a period. The best linear-congruential generators have a period exceeding 2 billion. Shift-register algorithms have been used to greatly extend the period of the generator. Even so, the fact remains that, regardless of the length of the period of a pseudo-random number generator, the numbers which are the product of the technique are ultimately deterministic and not truly random.
Most machines are understood to function in the realm of classical mechanics according to the physical laws stated by Newton. Since, under Newtonian physics, a machine powered by a constant force or having a constant velocity can only yield a constant measurement of the values of its physical characteristics, generation of random numbers is in principle impossible. In the essence of the concept, any object can be described and its physical nature predicted if its initial conditions are known. It is therefore ultimately deterministic and incapable of truly random behavior.
Moving closer to the observation of quantum phenomena, many devices have been constructed that take sample measurements of a stochastic physical process. The measurements are converted into a sequence of random elements, each element having no memory of any of its predecessors. Production of random numbers from a physical process creates a string of random numbers that is not repeatable. This lack of repeatability is a liability in scientific applications where it is desirable to replicate experimental results based on a given string of random numbers. Conversely, lack of repeatability is not necessarily a disadvantage and may well be an asset in security applications and the investigation of artificial intelligence.
Random or nearly random numbers can be generated using "noise" created by minor fluctuations in electronic circuits. It is disputed whether such electronic noise devices generate true random numbers. Unfortunately, they are often innately slower than pseudo-random number generators making them unsuitable for any application where a substantial quantity of random numbers is required. Another drawback to noise based random number generators is that their delicate construction requires constant, minute checking to verify that the device has not skewed away from producing true randomness. Electronic noise devices can become unstable over time. Noise levels can also be affected by fluctuations in temperature and line voltage. Lastly, such devices are very sensitive to surrounding electromagnetic fields so that any fluctuation in nearby electromagnetic fields can change the output of the device in a deterministic way thereby skewing the noise away from randomness.
Random numbers can be produced by monitoring radioactive decay. Such devices produce truly random results as opposed to electronic noise devices. However, radioactive materials must be shielded and are therefore inappropriate for many locations, such as personal computers. As with noise based devices, radioactive decay devices produce random numbers at unacceptably slow rates.
Recently there have been advances in production of random numbers using spatially stochastic processes. Using a two-dimensional position-sensitive photon-counting detector, the locations of detected photoevents on the two-dimensional detector are tracked. A random sequence of numbers is produced based upon the location (not the time) of photoelectrons emitted from a photocathode. While promising, random number generation based on photoevent locations suffers from an number of vexing problems. The photoevent random number generator is large in size, making it impractical for many applications. It is also complicated to set up and is dependent on position resolution, speed and dead time.
Other advances in related fields have focused on the polarized nature of light. Photons have many different polarizations. If a photon is passed through a birefringent crystal, such as calcite, the photon will pass straight through the crystal if it is polarized perpendicular to the optic axis of the crystal. If the photon entering the crystal is already polarized along the axis of the crystal, it will emerge with the same polarization but be shifted to a different path than the photons with perpendicular polarization. The photons that have emerged from the crystal can be detected using detectors, such as photomultiplier tubes, established in the two respective paths. If a photon is incident on the crystal with a polarization that is not one of the two rectilinear directions, that is, either parallel or perpendicular to the optic axis of the crystal, the polarization of the photon will be repolarized into one of the two rectilinear directions. If a photon enters the crystal with an axis of polarization half-way between the two rectilinear directions, it will be randomly repolarized into either rectilinear path with equal probability. These repolarized photons lose all "memory" of their original diagonal polarization. The randomization of the diagonally polarized photons has been utilized by quantum cryptographers to advance a clever scheme for secure exchange of a secret random key that can subsequently be used to send secret messages. An essential part of the scheme is to thwart eavesdroppers to the message using the random repolarization of incident photons having polarizations diagonal to the optic axis of the crystal. Any measurements by the eavesdropper of such photons would repolarize them and erase the message content inherent in their original polarizations. Interestingly, the possibility of generating random numbers using the random repolarization of incident photons having diagonal polarizations has attracted very little attention.